Scan result of Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 03-09-2012 12:08:51
Running from G:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe" /md I [323584 2010-10-26] (facemoods.com)
HKLM-x32\...\Run: [VDownloader] C:\Program Files (x86)\VDownloader\VDownloader.exe /silent [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
HKU\Dawid\...\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe" [12984928 2010-12-15] (GG Network S.A.)
HKU\Dawid\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [369200 2009-10-30] (DT Soft Ltd)
HKU\Dawid\...\Run: [AQQ] D:\WapSter\WAPSTE~1\AQQ.exe [x]
HKU\Dawid\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [650104 2012-03-03] (BitTorrent, Inc.)
HKU\Dawid\...\Run: [csrs.exe] C:\Windows\csrs.exe [895000 2011-05-16] ()
HKU\Dawid\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Dawid\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2011-09-15] (NEXON Inc.)
HKU\Dawid\...\Run: [pamela.exe] "C:\Program Files (x86)\Pamela\Pamela.exe" [x]
HKU\Dawid\...\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" [1379840 2011-08-16] ()
HKU\Dawid\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Dawid\...\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe /autorun [19858432 2012-05-11] (Redefine Sp z o.o.)
HKU\Dawid\...\Run: [Ghost Control] "E:\Ghost Control\ghost.exe" -startup [x]
HKU\Dawid\...\Run: [Steam] "E:\Steam\Steam.exe" -silent [x]
HKU\Dawid\...\Run: [WSTPager] C:\Users\Dawid\AppData\Local\Microsoft\Windows\10\WSTPager.exe [142848 2012-09-02] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Dawid\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> (No File)
Startup: C:\Users\Dawid\Start Menu\Programs\Startup\lua7.exe ()

==================== Services (Whitelisted) ======

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
2 mysql; C:\Users\Dawid\Desktop\xampp\mysql\bin\mysqld-nt.exe --defaults-file=C:\Users\Dawid\Desktop\xampp\mysql\bin\my.cnf mysql [5511 2011-06-25] ()
2 WLMS; C:\Windows\System32\wlms\wlms.exe [19456 2009-07-13] (Microsoft Corporation)
2 Apache2.2; "C:\Users\Dawid\Desktop\xampp\apache\bin\apache.exe" -k runservice [x]
3 FileZilla Server; C:\Users\Dawid\Desktop\xampp\FileZillaFTP\FileZillaServer.exe [x]
2 HiPatchService; C:\SMITE\HiPatchService.exe [x]
3 TunngleService; C:\Tunngle\TnglCtrl.exe [x]

==================== Drivers (Whitelisted) ===================

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-01-24] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-01-24] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-01-24] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [33792 2010-01-24] (LG Electronics Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 gdrv; \??\C:\Windows\gdrv.sys [22336 2011-03-19] (Windows (R) Server 2003 DDK provider)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 npf; C:\Windows\System32\Drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-03-19] (Duplex Secure Ltd.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 GGSAFERDriver; \??\E:\Garena PLus\Room\safedrv.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 vtany; \??\C:\Windows\vtany.sys [x]
3 X6va005; \??\C:\Users\Dawid\AppData\Local\Temp\005219B.tmp [x]
3 xsherlock; C:\Windows\system32\xsherlock.xem [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-03 12:08 - 2012-09-03 12:08 - 00000000 ___DC C:\FRST
2012-09-02 15:58 - 2012-09-02 15:58 - 00000000 ____D C:\Users\Dawid\AppData\Roaming\hellomoto
2012-09-01 04:01 - 2012-09-01 05:50 - 00002488 ____A C:\Users\Dawid\Desktop\doswiadczenie.txt
2012-08-30 08:08 - 2012-08-30 08:09 - 00000000 ____D C:\Users\Dawid\Desktop\Nowy folder
2012-08-29 09:18 - 2012-08-29 09:18 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-08-29 05:41 - 2012-08-29 05:41 - 00003842 ____A C:\Users\Dawid\Desktop\gildia.txt
2012-08-28 07:27 - 2012-09-02 15:18 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-28 07:27 - 2012-08-28 07:27 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-28 07:27 - 2012-08-28 07:27 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-28 05:43 - 2012-08-28 05:52 - 122984369 ____A C:\Users\Dawid\Desktop\Dr.House.Sezon.5.Odcinek.22.A House Divided.PL.320x240.MP4.mp4
2012-08-28 05:43 - 2012-08-28 05:46 - 66553133 ____A C:\Users\Dawid\Desktop\Dr.House.Sezon.5.Odcinek.20.Simple Explanation.PL.320x240.MP4.mp4
2012-08-27 02:20 - 2012-08-27 02:20 - 00000774 ____A C:\Windows\PFRO.log
2012-08-21 01:42 - 2012-08-21 01:42 - 00000000 ____D C:\Users\Dawid\Downloads\celtic_garamond_the_2nd
2012-08-21 01:41 - 2012-08-21 01:41 - 00016682 ____A C:\Users\Dawid\Downloads\celtic_garamond_the_2nd.zip
2012-08-17 14:58 - 2012-08-17 14:58 - 00001103 ____A C:\Users\Dawid\Downloads\salem.jnlp
2012-08-16 00:24 - 2012-09-02 23:54 - 00001848 ____A C:\Windows\setupact.log
2012-08-16 00:24 - 2012-08-16 00:24 - 00000000 ____A C:\Windows\setuperr.log
2012-08-15 05:47 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 05:47 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 05:47 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 05:47 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 05:47 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 05:47 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 05:47 - 2012-06-26 23:06 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 05:47 - 2012-06-26 23:06 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 05:47 - 2012-06-26 23:06 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 05:47 - 2012-06-26 23:03 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 05:47 - 2012-06-26 23:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-15 05:47 - 2012-06-26 23:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 05:47 - 2012-06-26 23:02 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 05:47 - 2012-06-26 23:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 05:47 - 2012-06-26 23:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 05:47 - 2012-06-26 23:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 05:47 - 2012-06-26 21:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 05:47 - 2012-06-26 21:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 05:47 - 2012-06-26 21:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 05:47 - 2012-06-26 21:51 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 05:47 - 2012-06-26 21:51 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-15 05:47 - 2012-06-26 21:51 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 05:47 - 2012-06-26 21:50 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 05:47 - 2012-06-26 21:50 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 05:47 - 2012-06-26 21:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 05:47 - 2012-06-26 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 05:47 - 2012-06-26 20:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 05:47 - 2012-06-26 20:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 05:47 - 2012-06-15 21:16 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-15 05:47 - 2012-06-15 21:15 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 05:47 - 2012-06-15 20:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 05:47 - 2012-06-15 20:26 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-15 05:47 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 05:47 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 05:47 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 05:47 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 05:47 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 05:47 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 05:47 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-14 07:30 - 2012-08-14 07:31 - 00000000 ____D C:\Program Files (x86)\EidosNet
2012-08-12 11:34 - 2012-08-12 11:34 - 00000632 ____A C:\Users\UpdatusUser\Desktop\Linkrealms.lnk
2012-08-12 11:34 - 2012-08-12 11:34 - 00000623 ____A C:\Users\UpdatusUser\Desktop\Linkrealms Map Editor.lnk
2012-08-12 09:26 - 2012-08-12 09:26 - 00000000 ____D C:\Users\Dawid\Documents\Wizards of the Coast
2012-08-10 02:09 - 2012-08-10 02:09 - 00000883 ____A C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2012-08-09 09:05 - 2012-08-09 09:06 - 00000000 ____D C:\Users\Dawid\Documents\Raiderz
2012-08-08 09:46 - 2012-08-12 07:05 - 00000000 ____D C:\Users\Dawid\Documents\Shiner
2012-08-08 09:46 - 2012-08-08 09:46 - 00000000 ____D C:\Users\Dawid\AppData\Local\FLT
2012-08-05 14:17 - 2012-08-05 14:39 - 00000000 ____D C:\Users\Dawid\Desktop\woodstock2012

==================== 3 Months Modified Files ================================

2012-09-02 23:55 - 2011-03-24 21:32 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-02 23:54 - 2012-08-16 00:24 - 00001848 ____A C:\Windows\setupact.log
2012-09-02 23:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-02 21:45 - 2009-07-13 20:45 - 00012288 _____ C:\Windows\System32\umstartup.etl
2012-09-02 16:05 - 2012-05-03 09:12 - 01546167 ____A C:\Windows\WindowsUpdate.log
2012-09-02 16:05 - 2009-07-13 20:45 - 00011792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-02 16:05 - 2009-07-13 20:45 - 00011792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-02 15:26 - 2011-03-24 21:32 - 00001046 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-02 15:18 - 2012-08-28 07:27 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-02 13:56 - 2012-02-10 04:58 - 00000448 ___AH C:\Windows\Tasks\Norton Security Scan for Dawid.job
2012-09-01 05:50 - 2012-09-01 04:01 - 00002488 ____A C:\Users\Dawid\Desktop\doswiadczenie.txt
2012-08-29 08:12 - 2011-05-15 07:23 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-08-29 07:16 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-29 05:41 - 2012-08-29 05:41 - 00003842 ____A C:\Users\Dawid\Desktop\gildia.txt
2012-08-28 07:27 - 2012-08-28 07:27 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-28 07:27 - 2012-08-28 07:27 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-28 05:52 - 2012-08-28 05:43 - 122984369 ____A C:\Users\Dawid\Desktop\Dr.House.Sezon.5.Odcinek.22.A House Divided.PL.320x240.MP4.mp4
2012-08-28 05:46 - 2012-08-28 05:43 - 66553133 ____A C:\Users\Dawid\Desktop\Dr.House.Sezon.5.Odcinek.20.Simple Explanation.PL.320x240.MP4.mp4
2012-08-27 02:20 - 2012-08-27 02:20 - 00000774 ____A C:\Windows\PFRO.log
2012-08-27 02:09 - 2011-06-11 00:26 - 00748528 ____A C:\Windows\System32\perfh015.dat
2012-08-27 02:09 - 2011-06-11 00:26 - 00160836 ____A C:\Windows\System32\perfc015.dat
2012-08-27 02:09 - 2009-07-13 21:13 - 01695854 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-21 09:27 - 2011-03-19 03:45 - 00058736 ____A C:\Users\Dawid\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-21 09:23 - 2009-07-13 20:45 - 00276936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-21 01:41 - 2012-08-21 01:41 - 00016682 ____A C:\Users\Dawid\Downloads\celtic_garamond_the_2nd.zip
2012-08-17 14:58 - 2012-08-17 14:58 - 00001103 ____A C:\Users\Dawid\Downloads\salem.jnlp
2012-08-16 00:24 - 2012-08-16 00:24 - 00000000 ____A C:\Windows\setuperr.log
2012-08-15 17:00 - 2011-03-19 04:15 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-12 11:34 - 2012-08-12 11:34 - 00000632 ____A C:\Users\UpdatusUser\Desktop\Linkrealms.lnk
2012-08-12 11:34 - 2012-08-12 11:34 - 00000623 ____A C:\Users\UpdatusUser\Desktop\Linkrealms Map Editor.lnk
2012-08-10 02:27 - 2011-05-06 13:34 - 00000568 ____A C:\Users\Public\Desktop\Tunngle beta.lnk
2012-08-10 02:09 - 2012-08-10 02:09 - 00000883 ____A C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
2012-08-09 02:59 - 2012-06-08 03:58 - 00000732 ____A C:\Users\Dawid\Desktop\BARGAL 3 TRUEGOLDy 11.txt
2012-07-26 09:18 - 2012-07-26 09:18 - 00000449 ____A C:\Users\UpdatusUser\Desktop\Play Armed and Dangerous.lnk
2012-07-19 05:35 - 2012-02-18 11:49 - 00045270 ____A C:\Users\Dawid\AppData\Roaming\room_v3.dat
2012-07-18 10:15 - 2012-08-15 05:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 11:44 - 2012-07-16 11:44 - 00000469 ____A C:\Users\UpdatusUser\Desktop\Play Star Wars Jedi Knight II Jedi Outcast.lnk
2012-07-15 01:48 - 2011-03-27 09:23 - 01671024 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-13 03:49 - 2012-07-13 03:49 - 00000616 ____A C:\Users\Public\Desktop\Garena Plus.lnk
2012-07-04 14:16 - 2012-08-15 05:47 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 05:47 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 05:47 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 05:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 05:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-01 16:01 - 2012-07-01 16:02 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-01 16:01 - 2012-07-01 16:02 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-26 23:59 - 2012-06-26 23:58 - 00000051 ____A C:\Users\Dawid\Desktop\Konto Station do Everquest.txt
2012-06-26 23:06 - 2012-08-15 05:47 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 23:06 - 2012-08-15 05:47 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 23:06 - 2012-08-15 05:47 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 23:03 - 2012-08-15 05:47 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 23:03 - 2012-08-15 05:47 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 23:03 - 2012-08-15 05:47 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 23:02 - 2012-08-15 05:47 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 23:02 - 2012-08-15 05:47 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 23:02 - 2012-08-15 05:47 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 23:02 - 2012-08-15 05:47 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 21:53 - 2012-08-15 05:47 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-26 21:53 - 2012-08-15 05:47 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-26 21:53 - 2012-08-15 05:47 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-26 21:51 - 2012-08-15 05:47 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-26 21:51 - 2012-08-15 05:47 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-26 21:51 - 2012-08-15 05:47 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-26 21:50 - 2012-08-15 05:47 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-26 21:50 - 2012-08-15 05:47 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-26 21:50 - 2012-08-15 05:47 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 21:50 - 2012-08-15 05:47 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-26 20:53 - 2012-08-15 05:47 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-26 20:10 - 2012-08-15 05:47 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-25 22:00 - 2012-06-25 22:00 - 00000093 ____A C:\Users\Dawid\AppData\Local\fusioncache.dat
2012-06-25 06:04 - 2012-06-25 06:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-19 04:45 - 2011-05-06 15:12 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-06-15 21:16 - 2012-08-15 05:47 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-15 21:15 - 2012-08-15 05:47 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 20:26 - 2012-08-15 05:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-15 20:26 - 2012-08-15 05:47 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-09 04:46 - 2012-06-09 04:46 - 00000037 ___SH C:\Users\Dawid\AppData\Local\1754111884ee9ab5277ca00.95260103
2012-06-08 21:43 - 2012-07-12 03:20 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 03:20 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4095.55 MB
Available physical RAM: 3542.21 MB
Total Pagefile: 4093.7 MB
Available Pagefile: 3535.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:39.06 GB) (Free:4.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Dysk Patrycji) (Fixed) (Total:58.59 GB) (Free:44.71 GB) NTFS
3 Drive e: () (Fixed) (Total:200.43 GB) (Free:39.84 GB) NTFS
5 Drive g: (INTENSO USB) (Removable) (Total:3.73 GB) (Free:0.3 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB     9 MB
  Disk 1    Online         3824 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             39 GB    31 KB
  Partition 0    Extended           259 GB    39 GB
  Partition 2    Logical             58 GB    39 GB
  Partition 3    Logical            200 GB    97 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition     39 GB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Dysk Patryc  NTFS   Partition     58 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E                NTFS   Partition    200 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3823 MB    24 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   INTENSO USB  FAT32  Removable   3823 MB  Healthy

==================================================================================

Last Boot: 2012-08-18 16:20

==================== End Of Log =============================